1. Field of the Invention
The present invention relates to techniques for software testing. More specifically, the present invention relates to a method and system for fault detection in software programs using bit-precise taint analysis and execution flow redirection.
2. Related Art
Taint analysis is typically used to detect exploits of security vulnerabilities in computer systems. In particular, dynamic taint analysis techniques typically involve tracing untrusted, or tainted, data during execution of software programs in the computer systems. For example, tainted data may originate from sources such as user input, network packets, and/or file system and device data. If the tainted data is used in a way that violates a security policy of a software program, a potential exploit may be found. Furthermore, because taint tracing is based on the software program's dynamic behavior rather than attack signatures of known exploits, taint tracing may detect both known attacks and future attacks on the software program.
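The following is an added illustration of the bit-precise taint tracing described above; it is not part of the specification or the claimed method. It models a 32-bit value whose taint is tracked per bit, propagates taint through masks, shifts and addition, and reports a policy violation when any tainted bit reaches a control-flow target; the packet word and the operations applied to it are constructed for the example.

```python
# Added illustration of bit-precise dynamic taint tracking (not the patent's
# implementation). Bit i of the taint mask is set when bit i of the value may
# derive from an untrusted source such as user input or a network packet.
WIDTH = 32
MASK = (1 << WIDTH) - 1


class TaintedInt:
    def __init__(self, value, taint=0):
        self.value = value & MASK
        self.taint = taint & MASK

    @classmethod
    def from_source(cls, value):
        # Data read from an untrusted source is fully tainted.
        return cls(value, MASK)

    @staticmethod
    def _lift(x):
        return x if isinstance(x, TaintedInt) else TaintedInt(x)

    def __and__(self, other):
        b = self._lift(other)
        # A result bit is clean when either operand bit is an untainted 0.
        taint = (self.taint & (b.value | b.taint)) | (b.taint & (self.value | self.taint))
        return TaintedInt(self.value & b.value, taint)

    def __or__(self, other):
        b = self._lift(other)
        # A result bit is clean when either operand bit is an untainted 1.
        taint = (self.taint & ~(b.value & ~b.taint)) | (b.taint & ~(self.value & ~self.taint))
        return TaintedInt(self.value | b.value, taint)

    def __lshift__(self, n):
        return TaintedInt(self.value << n, self.taint << n)

    def __rshift__(self, n):
        return TaintedInt(self.value >> n, self.taint >> n)

    def __add__(self, other):
        b = self._lift(other)
        # Carries travel upward, so conservatively taint every bit at or above
        # the lowest tainted bit of either operand.
        t = self.taint | b.taint
        taint = MASK & ~((t & -t) - 1) if t else 0
        return TaintedInt(self.value + b.value, taint)


def violates_policy(x):
    # Security policy: no tainted bit may reach a control-flow target.
    return x.taint != 0


def demo_packet_dispatch():
    pkt = TaintedInt.from_source(0x12345678)  # constructed packet word
    opcode = pkt & 0x7          # mask leaves only bits 0..2 tainted
    slot = opcode << 3          # taint moves to bits 3..5
    target = slot + 0x1000      # addition spreads taint upward via carries
    return slot.taint, target.taint, violates_policy(target)
```

Running `demo_packet_dispatch()` shows that the mask narrows the taint to three bits, the shift relocates it, and the final jump target is flagged because untrusted bits still influence it.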
However, existing dynamic taint analysis techniques have a number of drawbacks. First, interpreter- and architecture-based taint analysis techniques are constrained by supported languages and hardware, respectively. Next, taint analysis tools are typically configured to detect attacks and associated vulnerabilities on a software program at the time of use. As a result, taint analysis tools may be unable to detect faults and vulnerabilities prior to use of the software program. In addition, executing software programs using taint analysis tools may incur a significant performance penalty (e.g., 10-40 times slower than normal) due to instrumentation and tracing overhead. This overhead may be further increased by flow redirection mechanisms that involve solving for inputs to direct control flow instructions in the software program to the appropriate branches.
Hence, there is a need to improve taint analysis tools for broader applicability of taint analysis techniques and reduced performance overhead.